package com.sc.demo.controller;

import com.sc.demo.domain.Users;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.access.prepost.PostAuthorize;
import org.springframework.security.access.prepost.PostFilter;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

import java.util.ArrayList;
import java.util.List;

/**
 * @version 1.0
 * @Author: 许啸林
 * @Date: 2021/6/19 16:21
 */
@RestController
@RequestMapping("/test")
public class ControllerDemo {
    @GetMapping("hello")
    public String hello() {
        return "hello world";
    }
    @GetMapping("index")
    public String index() {
        return "index";
    }
    @GetMapping("unauthTest")
    public String unauthTest() {
        return "test";
    }

    /**
     *  @Secured({role1,role2...}) 角色访问控制 具有其中一个角色即可访问
     * @return
     */
    @Secured({"ROLE_sale","ROLE_manage"})
    @GetMapping("update")
    public String update() {
        return "updaete";
    }

    /**
     * 前置权限验证@PreAuthority(“hasAnyRole/hasRole/hasAnyAuthority/hasAuthority(auth)”)
     * @return
     */
    @PreAuthorize("hasAnyAuthority('list')")
    @GetMapping("list")
    public String list() {
        return "list";
    }

    /**
     * 后置权限校验,在controller 方法执行后进行校验  PostAuthorize(“hasAnyRole/hasRole/hasAnyAuthority/hasAuthority(auth)”)
     * @return
     */
    @PostAuthorize("hasAnyRole('ROLE_sale')")
    @GetMapping("detail")
    public String detail() {
        System.out.println("执行detail方法");
        return "detail";
    }

    /**
     * PostFilter 返回数据过滤
     * @return
     */
    @PostFilter("filterObject.username='admin'")
    @GetMapping("getlist")
    public ArrayList<Users> getlist(){
        ArrayList<Users> users = new ArrayList<>();
        users.add(new Users(5,"admin","123"));
        users.add(new Users(6,"zzs","345"));
        System.out.println(users);
        return  users;
    }
}
